To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Sorry for shooting too fast:
the real whois inetnum: 125.176.0.0 - 125.191.255.255 netname: Xpeed-KR descr: LG POWERCOMM country: KR Kind regards Peter Peter Dambier wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > Not necessaryly a botnet - but bots might hide there: > > 2007-08-25 16:57:52 SMTP connection from [125.187.32.144]:45885 (TCP/IP > connection count = 1) > 2007-08-25 16:58:11 SMTP connection from [125.187.32.222]:52495 (TCP/IP > connection count = 2) > 2007-08-25 16:58:22 ident connection to 125.187.32.144 timed out > 2007-08-25 16:58:25 no host name found for IP address 125.187.32.144 > > whois reports: > > ReferralServer: whois://whois.apnic.net > > NetRange: 125.0.0.0 - 125.255.255.255 > CIDR: 125.0.0.0/8 > NetName: APNIC-125 > NetHandle: NET-125-0-0-0-1 > Parent: > NetType: Allocated to APNIC > Comment: This IP address range is not registered in the ARIN database. > Comment: For details, refer to the APNIC Whois Database via > Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl > Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry > Comment: for the Asia Pacific region. APNIC does not operate networks > Comment: using this IP address range and is not able to investigate > Comment: spam or abuse reports relating to these addresses. For more > Comment: help, refer to http://www.apnic.net/info/faq/abuse > RegDate: 2005-01-27 > Updated: 2005-05-20 > > So I should never have seen a packet from them? > > > But traceroute shows a route to them: > > traceroute to 125.187.32.144 (125.187.32.144), 30 hops max, 40 byte packets > 1 krzach.peter-dambier.de (192.168.48.2) 1.112 ms 1.590 ms 1.774 ms > 3 217.0.78.54 83.412 ms 83.446 ms 183.549 ms > 4 217.239.40.33 183.582 ms 190.061 ms 207.031 ms > 5 dt-gw.n54ny.ip.att.net (192.205.32.57) 207.000 ms * * > 7 12.122.16.137 268.719 ms 275.778 ms 284.531 ms > 8 cr1.cgcil.ip.att.net (12.122.1.190) 209.032 ms 217.048 ms 223.948 ms > 9 12.122.17.130 229.927 ms 237.691 ms 245.808 ms > 10 tbr1.sffca.ip.att.net (12.122.10.6) 252.838 ms 260.754 ms 269.676 ms > 11 12.122.110.5 277.657 ms 576.902 ms * > 14 203.255.234.221 357.076 ms 357.083 ms 372.057 ms > 15 210.120.246.65 379.221 ms 395.135 ms 395.169 ms > 16 210.120.117.6 410.197 ms 210.120.248.250 420.023 ms 427.029 ms > 17 210.120.244.94 360.443 ms 360.451 ms 210.120.244.90 368.292 ms > 18 210.120.104.146 389.240 ms 203.248.223.82 389.274 ms 746.508 ms > 23 125.187.32.144(H!) 351.850 ms (H!) 359.870 ms (H!) 367.696 ms > > > Kind regards > Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/ _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
